[Tfug] I got a real funny here...needs to stay in TFUG...

keith smith klsmith2020 at yahoo.com
Fri Jul 1 07:58:31 MST 2011


If it is a straight insert then the name would have to resolve to TRUE, not just be the text value "true". If the field is quoted and the data field is of a text variant, then the insert string would have to contain some value that the data engine would convert to true or 1 before storing the value as text.

This is very interesting since it is a voter's name and I'm guessing either the name was scanned in or someone had to type it in.  

Can you show us the insert so we can see what it could possibly be?   

------------------------

Keith Smith

--- On Thu, 6/30/11, Jim March <1.jim.march at gmail.com> wrote:

From: Jim March <1.jim.march at gmail.com>
Subject: Re: [Tfug] I got a real funny here...needs to stay in TFUG...
To: "Tucson Free Unix Group" <tfug at tfug.org>
Date: Thursday, June 30, 2011, 8:47 PM

God.  Nobody gets it yet?

The family name involved: True

Now think about how that would get turned into "1".

Yeah.  It's accepting program code in the data fields.  So you could
do an SQL injection attack with a paper and pen: just fill out a fake
voter registration form for "Little Bobby Tables"...

:)

Jim

On Thu, Jun 30, 2011 at 8:36 PM, Dennis McCormick
<macsinitial65haus at gmail.com> wrote:
> On Thu, Jun 30, 2011 at 8:23 PM, Adrian <choprboy at dakotacom.net> wrote:
>> On Thursday 30 June 2011 18:47, Jim March wrote:
>>> Somewhat OT, but still computer security related.
>>>
>>> OK, so there's this electronic voter registration system out there.
>>> Won't say which until the report goes public.  Ain't used in AZ so
>>> don't freak out on me :).
>>>
>>> Somebody I know who monitors elections went through the voter
>>> registration lists and found a small number of cases where the
>>> person's last name was listed as "1".  Yeah.  Just the number one, no
>>> quotes.
>>>
>>> It turned out all of those people (most unrelated to each other) had
>>> the same last name.
>>>
>>> Care to guess what it was?
>>>
>>
>>
>> O'Malley? O'Rielly? O'...
>>
>>
>>
>> Adrian
>>
>>
> How about Juan?
>
> Dennis
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
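
Added example, not part of the original messages: the unquoted and quoted insert cases discussed in this thread, next to a bound parameter, run against SQLite. The thread does not name the database engine, so SQLite, the voters table and the store_last_name helper are assumptions made for illustration.

```python
import sqlite3


def store_last_name(name, mode):
    """Insert one last name into a fresh table and return what was stored.

    mode "unquoted": name concatenated into the SQL text as-is (flawed)
    mode "quoted":   name concatenated between single quotes (still flawed)
    mode "param":    name passed as a bound parameter (the fix)
    Hypothetical helper; schema and names are constructed for this example.
    """
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE voters (last_name TEXT)")
        if mode == "unquoted":
            # The engine parses the name as an SQL expression, not as data.
            db.execute("INSERT INTO voters (last_name) VALUES (" + name + ")")
        elif mode == "quoted":
            # Data now, but a quote character inside the name ends the literal.
            db.execute("INSERT INTO voters (last_name) VALUES ('" + name + "')")
        elif mode == "param":
            # The name never becomes part of the SQL text.
            db.execute("INSERT INTO voters (last_name) VALUES (?)", (name,))
        else:
            raise ValueError("unknown mode: " + mode)
        return db.execute("SELECT last_name FROM voters").fetchone()[0]
    except sqlite3.OperationalError as exc:
        # The engine refused the statement; nothing was stored.
        return "rejected: " + str(exc)
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed sample names; "Smith" shows why most names never got this far.
    for name in ("True", "Smith", "O'Malley"):
        for mode in ("unquoted", "quoted", "param"):
            print(f"{name!r:12} {mode:9} -> {store_last_name(name, mode)!r}")
```

Only a name that happens to be a valid SQL expression survives the unquoted insert, which is consistent with the report that every affected voter shared one last name.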
